CVE-2021-46760

A malicious or compromised UApp or ABL can send a malformed system call to the bootloader, which may result in an out-of-bounds memory access that may potentially lead to an attacker leaking sensitive information or achieving code execution.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:amd:ryzen_3945wx_firmware:castlepeakwspi-swrx8_1.0.0.9:*:*:*:*:*:*:*
cpe:2.3:h:amd:ryzen_3945wx:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:amd:ryzen_3955wx_firmware:castlepeakwspi-swrx8_1.0.0.9:*:*:*:*:*:*:*
cpe:2.3:h:amd:ryzen_3955wx:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:amd:ryzen_3960x_firmware:castlepeakwspi-swrx8_1.0.0.9:*:*:*:*:*:*:*
cpe:2.3:h:amd:ryzen_3960x:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:amd:ryzen_3970x_firmware:castlepeakwspi-swrx8_1.0.0.9:*:*:*:*:*:*:*
cpe:2.3:h:amd:ryzen_3970x:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:amd:ryzen_3975wx_firmware:castlepeakwspi-swrx8_1.0.0.9:*:*:*:*:*:*:*
cpe:2.3:h:amd:ryzen_3975wx:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:amd:ryzen_3990x_firmware:castlepeakwspi-swrx8_1.0.0.9:*:*:*:*:*:*:*
cpe:2.3:h:amd:ryzen_3990x:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:amd:ryzen_3995wx_firmware:castlepeakwspi-swrx8_1.0.0.9:*:*:*:*:*:*:*
cpe:2.3:h:amd:ryzen_3995wx:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:amd:ryzen_3945wx_firmware:chagallwspi-swrx8_1.0.0.2:*:*:*:*:*:*:*
cpe:2.3:h:amd:ryzen_3945wx:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:amd:ryzen_3955wx_firmware:chagallwspi-swrx8_1.0.0.2:*:*:*:*:*:*:*
cpe:2.3:h:amd:ryzen_3955wx:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:amd:ryzen_3960x_firmware:chagallwspi-swrx8_1.0.0.2:*:*:*:*:*:*:*
cpe:2.3:h:amd:ryzen_3960x:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:amd:ryzen_3970x_firmware:chagallwspi-swrx8_1.0.0.2:*:*:*:*:*:*:*
cpe:2.3:h:amd:ryzen_3970x:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:amd:ryzen_3975wx_firmware:chagallwspi-swrx8_1.0.0.2:*:*:*:*:*:*:*
cpe:2.3:h:amd:ryzen_3975wx:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:amd:ryzen_3990x_firmware:chagallwspi-swrx8_1.0.0.2:*:*:*:*:*:*:*
cpe:2.3:h:amd:ryzen_3990x:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:amd:ryzen_3995wx_firmware:chagallwspi-swrx8_1.0.0.2:*:*:*:*:*:*:*
cpe:2.3:h:amd:ryzen_3995wx:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:amd:ryzen_3945wx_firmware:castlepeakpi-sp3r3_1.0.0.7:*:*:*:*:*:*:*
cpe:2.3:h:amd:ryzen_3945wx:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:amd:ryzen_3955wx_firmware:castlepeakpi-sp3r3_1.0.0.7:*:*:*:*:*:*:*
cpe:2.3:h:amd:ryzen_3955wx:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:amd:ryzen_3960x_firmware:castlepeakpi-sp3r3_1.0.0.7:*:*:*:*:*:*:*
cpe:2.3:h:amd:ryzen_3960x:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:amd:ryzen_3970x_firmware:castlepeakpi-sp3r3_1.0.0.7:*:*:*:*:*:*:*
cpe:2.3:h:amd:ryzen_3970x:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:amd:ryzen_3975wx_firmware:castlepeakpi-sp3r3_1.0.0.7:*:*:*:*:*:*:*
cpe:2.3:h:amd:ryzen_3975wx:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:amd:ryzen_3990x_firmware:castlepeakpi-sp3r3_1.0.0.7:*:*:*:*:*:*:*
cpe:2.3:h:amd:ryzen_3990x:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:amd:ryzen_3995wx_firmware:castlepeakpi-sp3r3_1.0.0.7:*:*:*:*:*:*:*
cpe:2.3:h:amd:ryzen_3995wx:-:*:*:*:*:*:*:*

History

22 May 2023, 15:40

Type Values Removed Values Added
First Time Amd ryzen 3945wx Firmware
Amd ryzen 3995wx
Amd
Amd ryzen 3975wx Firmware
Amd ryzen 3945wx
Amd ryzen 3990x Firmware
Amd ryzen 3990x
Amd ryzen 3960x Firmware
Amd ryzen 3955wx
Amd ryzen 3995wx Firmware
Amd ryzen 3970x Firmware
Amd ryzen 3955wx Firmware
Amd ryzen 3970x
Amd ryzen 3960x
Amd ryzen 3975wx
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CWE CWE-119
CPE cpe:2.3:o:amd:ryzen_3975wx_firmware:castlepeakwspi-swrx8_1.0.0.9:*:*:*:*:*:*:*
cpe:2.3:o:amd:ryzen_3960x_firmware:castlepeakpi-sp3r3_1.0.0.7:*:*:*:*:*:*:*
cpe:2.3:o:amd:ryzen_3955wx_firmware:castlepeakpi-sp3r3_1.0.0.7:*:*:*:*:*:*:*
cpe:2.3:o:amd:ryzen_3945wx_firmware:castlepeakpi-sp3r3_1.0.0.7:*:*:*:*:*:*:*
cpe:2.3:h:amd:ryzen_3970x:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:ryzen_3960x:-:*:*:*:*:*:*:*
cpe:2.3:o:amd:ryzen_3975wx_firmware:castlepeakpi-sp3r3_1.0.0.7:*:*:*:*:*:*:*
cpe:2.3:o:amd:ryzen_3945wx_firmware:castlepeakwspi-swrx8_1.0.0.9:*:*:*:*:*:*:*
cpe:2.3:o:amd:ryzen_3990x_firmware:castlepeakpi-sp3r3_1.0.0.7:*:*:*:*:*:*:*
cpe:2.3:o:amd:ryzen_3955wx_firmware:chagallwspi-swrx8_1.0.0.2:*:*:*:*:*:*:*
cpe:2.3:o:amd:ryzen_3995wx_firmware:castlepeakwspi-swrx8_1.0.0.9:*:*:*:*:*:*:*
cpe:2.3:h:amd:ryzen_3995wx:-:*:*:*:*:*:*:*
cpe:2.3:o:amd:ryzen_3960x_firmware:chagallwspi-swrx8_1.0.0.2:*:*:*:*:*:*:*
cpe:2.3:o:amd:ryzen_3960x_firmware:castlepeakwspi-swrx8_1.0.0.9:*:*:*:*:*:*:*
cpe:2.3:o:amd:ryzen_3990x_firmware:chagallwspi-swrx8_1.0.0.2:*:*:*:*:*:*:*
cpe:2.3:o:amd:ryzen_3995wx_firmware:chagallwspi-swrx8_1.0.0.2:*:*:*:*:*:*:*
cpe:2.3:o:amd:ryzen_3975wx_firmware:chagallwspi-swrx8_1.0.0.2:*:*:*:*:*:*:*
cpe:2.3:o:amd:ryzen_3990x_firmware:castlepeakwspi-swrx8_1.0.0.9:*:*:*:*:*:*:*
cpe:2.3:o:amd:ryzen_3945wx_firmware:chagallwspi-swrx8_1.0.0.2:*:*:*:*:*:*:*
cpe:2.3:o:amd:ryzen_3995wx_firmware:castlepeakpi-sp3r3_1.0.0.7:*:*:*:*:*:*:*
cpe:2.3:o:amd:ryzen_3970x_firmware:castlepeakwspi-swrx8_1.0.0.9:*:*:*:*:*:*:*
cpe:2.3:o:amd:ryzen_3955wx_firmware:castlepeakwspi-swrx8_1.0.0.9:*:*:*:*:*:*:*
cpe:2.3:h:amd:ryzen_3955wx:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:ryzen_3975wx:-:*:*:*:*:*:*:*
cpe:2.3:h:amd:ryzen_3990x:-:*:*:*:*:*:*:*
cpe:2.3:o:amd:ryzen_3970x_firmware:castlepeakpi-sp3r3_1.0.0.7:*:*:*:*:*:*:*
cpe:2.3:h:amd:ryzen_3945wx:-:*:*:*:*:*:*:*
cpe:2.3:o:amd:ryzen_3970x_firmware:chagallwspi-swrx8_1.0.0.2:*:*:*:*:*:*:*
References (MISC) https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 - (MISC) https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4001 - Vendor Advisory

09 May 2023, 20:27

Type Values Removed Values Added
New CVE

Information

Published : 2023-05-09 20:15

Updated : 2023-12-10 15:01


NVD link : CVE-2021-46760

Mitre link : CVE-2021-46760

CVE.ORG link : CVE-2021-46760


JSON object : View

Products Affected

amd

  • ryzen_3960x
  • ryzen_3955wx
  • ryzen_3990x
  • ryzen_3975wx_firmware
  • ryzen_3970x_firmware
  • ryzen_3945wx_firmware
  • ryzen_3960x_firmware
  • ryzen_3990x_firmware
  • ryzen_3995wx
  • ryzen_3945wx
  • ryzen_3955wx_firmware
  • ryzen_3970x
  • ryzen_3995wx_firmware
  • ryzen_3975wx
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer